CPSC 457:Costs of SpamSpam originates mainly from:Anti-spam LegislationCAN-SPAM Act of 2003Slide 6Criminal Spam Act of 2003SPAM ActSlide 9REDUCE Spam Act of 2003REDUCE Spam Act 0f 2003Anti-Spam Act of 2003Slide 13Reduction in Distribution of Spam Act of 2003Problems with proposed legislationSlide 16Anti-spam legislation in the EU and UKWorld’s Fourth Largest SpammerWorld’s Premier SpammerSpam blocking technologySpam TricksSteps individuals can takeCPSC 457: Sensitive Information in a Wired WorldAnti – Spam Legislation and TechnologyJeannie WongCosts of SpamIn the U.S. and the E.U., half of all email are unsolicited commercial emails.The Federal Trade Commission maintains and monitors a spam database, and has set up a special mailbox that receives 40 thousand junk emails a day.Spam is used not only to peddle merchandise and various money-making scams, but also to disseminate computer viruses.FTC: spam costs between $10 billion and $87 billion annually. 7 billion pieces of spam are sent daily, which drains bandwidth and productivity.ISPs pass the increased cost along to their customers.Schumer: NYC residents receive 8.25 million pieces of spam daily and spend 4.2 million hours annually deleting them.Jupiter Research:in 2002, $1.4 billion spent on email marketing campaigns in 2007, $8.3 billion will be spentAnti-spam technology is an $88 million industry.Spam originates mainly from:1. United States - 33% 2. China - 18% 3. Korea - 9% 4. Brazil - 4% 5. Canada - 3 % 6. United Kingdom - 2% 7. Italy - 2% 8. Mexico - 2% 9. Germany - 2% 10. Taiwan - 1%Anti-spam Legislation107th Congress: 8 bills106th Congress: 11 bills108th Congress: 9 bills Anti-Spam Act of 2003Ban on Deceptive Unsolicited Bulk Electronic Mail Act 0f 2003CAN-SPAM Act of 2003Computer Owners’ Bill of RightsCriminal Spam Act of 2003REDUCE Spam Act of 2003Reduction in Distribution of Spam Act of 2003Stop Pornography and Abusive Marketing ActWireless Telephone Spam Protection ActCAN-SPAM Act of 2003Controlling the Assault of Non-Solicited Pornography and Marketing ActReintroduced for the third time in April 2003 by Sen. Conrad R. Burns (R-MT) and Sen. Ron Wyden (D-OR) Requires unsolicited commercial email messages to be labeled, to include opt-out instructions, workable return email addresses, and the sender’s physical addressPreempts state laws that prohibit unsolicited commercial email outrightImposes fines of up to $10 per email on spammers if the receiver has opted out, up to $500,000, and a fine of up to $1.5 million for spammers who willingly and knowingly violated the lawCAN-SPAM Act of 2003Imposes fines of up to $1 million for delibrately deceptive emailA criminal penalty of up to a year in jail for spammers who include deceptive subject lines and misleading header information.Criminal Spam Act of 2003Introduced June 19, 2003 by Sen. Orrin Hatch (R-UT)Cosponsors: Senators Leahy, Schumer, Grassley, Feinstein, DeWine, Edwards, Wyden, Burns, Pryor, Miller, and Nelson. Prohibits unauthorized or deceptive use of a third party’s computer for relaying bulk commercial email messagesProhibits the use of false header information in bulk commercial messagesRegulates the use of multiple email accounts or domain names for the purposes of sending such messages. Applies only to quantities or more than 100 messages within 24 hours, or 1000 within 30 days, or 10000 within one year.Senders of email with misleading headers may fined up to $25,000 each day or receive up to five years in federal prisonSPAM ActStop Pornography and Abusive Marketing ActIntroduced in June 2003, Sen. Charles Schumer (D-NY)Establishes a national “no-spam” registry, administered by the FTC, using fees paid for marketers for access to the listFTC would be empowered to prohibit explicit commercial messages to minors even if they are not on the list Requires full disclosure in email headers and addresses, require working unsubscribe mechanisms, ban the use of false sender names, and automated harvesting of email addressesSPAM ActAll messages that contain commercial content must have the letters ADV in the subject line, except those sent in compliance with an FTC-approved self-regulatory program, and must include the sender’s physical address.Jail time of up to 2 years for severe repeat offenders.$75 million needed to create the system, including the FTC registry and for enforcement.Supports domain-wide opt-outREDUCE Spam Act of 2003Restrict and Eliminate the Delivery of Unsolicited Commercial Electronic Mail or Spam Act of 2003Introduced in May 2003 by Rep. Zoe Lofgren (D-CA) Unsolicited bulk commercial email messages would be required to include a valid reply address and opt-out instructions, and a label (“ADV:” or “ADV:ADLT” or some other form of recognized standard identification)Applies to messages send in the same or similar form to 1000 or more email addresses within a two-day periodFalse or misleading headers and deceptive subject lines would be prohibited in all unsolicited commercial email messages, whether or not sent in bulkREDUCE Spam Act 0f 2003Similar to the Burns-Wyden bill with the addition of a reward of 20 percent of the civil fine levied by the U.S. Federal Trade Commission against the spammer to the first person to report a spam offender. Gives Internet service providers the right to bring civil actions against marketers who violate those requirements and disrupt their networks, and it allows for criminal fines and up to a year in prison for fraudulent spam.Anti-Spam Act of 2003Introduced June 18, 2003 by Rep. Heather Wilson (R-NM)Cosponsors: Rep. Rick Boucher (D-VA) & Rep. Ed Markey (D-MA)Commercial email messages must be identified as such, must include the sender’s physical street address, and an opt-out mechanism.Messages relating to a specific transaction and consented to by the recipient would be exempt from the requirementsSexually explicit messages must be identified with a standard labelCommercial email messages with false or misleading message headers or misleading subject lines are prohibited.Anti-Spam Act of 2003Sending commercial email messages to addresses generated by an automated dictionary attack would be illegal.Preempts state laws that restrict the sending commercial email, regulate opt-out procedures, or